安装saltstack
从官网下载一个rpm的源,安装这个yum源。master上安装salt-api、salt-master和salt-minion,客户端安装salt-minion。
master和api安装
yum install -y salt-master salt-api pyOpenSSL
pip install salt-api
pip install cherrypy==3.2.3
#创建saltapi用户并配置saltapi的密钥
cd /etc/pki/tls/certs/
make testcert #设置秘钥密码,(3次) ,剩下回车,密码要记住,以后会用到
cd ../private/
openssl rsa -in localhost.key -out localhost_nopass.key
chmod 755 /etc/pki/tls/certs/localhost.crt
chmod 755 /etc/pki/tls/private/localhost.key
chmod 755 /etc/pki/tls/private/localhost_nopass.key
useradd -M -s /sbin/nologin saltapi
passwd saltapi
#修改配置
sed -i '/#default_include/s/#default/default/g' /etc/salt/master
mkdir -p /etc/salt/master.d
cd /etc/salt/master.d
vim api.conf
rest_cherrypy:
port: 8001
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/private/localhost_nopass.key
vim eauch.conf
external_auth:
pam:
saltapi: # 用户
- .* # 该配置文件给予saltapi用户所有模块使用权限,出于安全考虑一般只给予特定模块使用权限
- '@runner'
- '@wheel'
systemctl restart salt-master
systemctl start salt-api
minion安装
yum install -y salt-minion
vim /etc/salt/minion
master: master-ip #写master的IP
id: self-ip #写minion本机IP,也可以是hostname,自定义,不能重复
systemctl start salt-minion
salt-master、salt-api和salt-minion安装修改配置,启动这些服务。
编写测试salt-api的脚本
创建一个salt-api.py的文件
文件内容如下
import ssl
from requests.packages.urllib3.exceptions import InsecureRequestWarning
import json
import requests
contest = ssl._create_unverified_context()
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
salt_api = "https://192.168.11.130:8001/" #salt-api所在主机的ip,8001为salt-api服务的端口号
class SaltApi:
def __init__(self, url):
self.url = url
self.username = "saltapi" #salt-api登录的用户
self.password = "123456" #为salt-api创建的密钥的密码,即创建密钥文件时输入的密码
self.headers = { #header信息
"User-Agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.3",
"Content-type":"application/json"
}
self.params = {"client":"local", "fun":"", "tgt":""} #固定写法,key不能随便修改
self.login_url = salt_api + "login" #salt-api登录的url
self.login_params = {"username":self.username, "password":self.password, "eauth":"pam"} #登录所需的参数信息
# self.token = self.get_data(self.login_url, self.params)["token"]
self.token = self.get_data(self.login_url, self.login_params).get("token") #获取token,上一行也是获取token,但是如果token不存在上一行代码运行会报错,这行代码只会返回空值
self.headers["X-Auth-Token"] = self.token
def get_data(self, url, params):
send_data = json.dumps(params)
request = requests.post(url, data=send_data, headers=self.headers, verify=False)
response = request.json()
result = dict(response)
return result["return"][0]
def salt_command(self, tgt, method, arg=None):
if arg:
params = {"client":"local", "fun":method, "tgt":tgt, "arg":arg,}
else:
params = {"client":"local", "fun":method, "tgt":tgt}
result = self.get_data(self.url, params)
return result
def main():
salt = SaltApi(salt_api)
salt_client = "192.168.11.130" #客户端的id,即在minion中配置的id。
# salt_client = ["*"] #所有客户端
# salt_test = "grains.items"
salt_test = "test.ping" #salt的命令
salt_method = "grains.get"
# salt_method = "cmd.run"
# salt_method = "disk.usage"
salt_params = ["ip_interfaces",]
result1 = salt.salt_command(salt_client, salt_test)
print(result1)
result2 = salt.salt_command(salt_client, salt_method, salt_params)
print(result2)
if __name__ == '__main__':
main()
执行后,输出结果如下
{'192.168.11.130': True}
{'192.168.11.130': {'ens33': ['192.168.11.130', 'fe80::20c:29ff:fef5:3e0d'], 'lo': ['127.0.0.1', '::1']}}
json格式字符串,再通过key来取到相应的value,得到的值存入数据库中。这样就实现了获取客户端的数据。